I just started working with npm, and I have nvm installed (if that makes any difference). I ran sudo swupd update and sudo swupd repair and it started getting rid of a bunch of files with npm in their pathname. I let the command run to completion, and then verified that my global npm root (as per npm root -g) was in fact /usr/lib/node_modules/, an OS managed area. I’m not sure what I had installed globally (fingers crossed it didn’t break my build/runtime environment) but what are some tips on how to avoid this in the future? Perhaps I can have CL ignore certain paths (man stateless mentions default whitelisted /usr/ subpaths, but doesn’t provide guidance on how to add to this list)?

More generally, I can probably fix this one problem, but how should CL go about handling tools other than swupd that might write to a designated “OS” area under stateless? I, myself, have been good about following stateless rules to avoid my files being overwritten, but the tools I use might not be as discriminating.

npm global installs are actually for when you want multiple projects to share a package. In npm, the default is installation for a directory, not for a user. This is usually some sort of utility package (like I think at one point I installed one that forces a major semver bump to all deps in order to quickly resolve dependency conflicts [which is bad practice, I know, just giving an example]). Node/npm docs and how-tos say to install certain things via npm globally. I understand the reasoning behind your answer, but the reality is I don’t have control over npm's packaging philosophy and I’m kinda stuck with using it in order to build my node.js website. I’ll keep this in mind, but suppose I’m forced to install something globally using npm. What should I do in order to preserve statelessness?